Описание
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.3.1-1ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 1.1.1-2ubuntu1.4 |
| maverick | released | 1.2.3-1ubuntu0.2.10.10.3 |
| natty | released | 1.2.5-1ubuntu1.1 |
| oneiric | released | 1.3-2ubuntu1.1 |
| upstream | released | 1.3.1-1 |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...
EPSS
5.8 Medium
CVSS2